
It showed up when I plugged in my external hard drive after I restarted my computer.

Before, it said it was on the 2. physical disk. That might have been my second hard drive, which was disconnected when I plugged in my external, because prior I received the same alert saying it was on 2. physical disk when they were both plugged in. I disconnected the external and left my second hard drive plugged in, then I began to run scans and I followed some tips from a few sites to get rid of it. I've also reformatted Windows to get rid of it. I ran scans after and I had nothing, everything was fine, but then I was stupid and plugged in my external hard drive, and then I got the alert posted in the screenshot. I disconnected it quickly. I ran a scan after that and I have nothing.

Do I still have the bug? Because that only popped up because I connected my external hard drive. When I disconnected the external I ran scans, and I get nothing on my computer's hard drive. Is my PC and second hard drive clean and only my external is dirty? I ran scans on my second hard drive and it's clean as well. I read up on this virus and it's pretty nasty. I currently have Nod32 and Malwarebytes.

I want to know if the virus is hiding itself or if it's finally gone. Some help would be greatly appreciated, forgive me if my explanation sucks.

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\Owner\Desktop\SmitfraudFix\Policies.exe
C:\WINDOWS\system32\cmd.exe

GMER Rootkit Scanner - Download - Homepage

Why? Rootkits can generally be removed effectively, but they need to be removed before other malware can be cleaned, and they sometimes interfere with some of the tools we use. If you start a new topic, please include the GMER log as an initial check for the presence of rootkits:

Extract the contents of the zipped file to desktop.

Double click GMER.exe.

If it gives you a warning about rootkit activity and asks if you want to run a full scan...click on NO, then use the following settings for a more complete scan..

In the right panel, you will see several boxes that have been checked. Ensure the following are UNCHECKED ...

Sections

IAT/EAT

Drives/Partition other than Systemdrive (typically C:\)

Show All (don't miss this one)

Then click the Scan button & wait for it to finish.

Once done, click on the [Save..] button, and in the File name area, type in "ark.txt"

Save the log where you can easily find it, such as your desktop.

**Caution** Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOKIT" entries.

Please copy and paste the report into your Post.

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney StinsonIts gonna be legen.. wait for it.. dary!Cherish the pain, it means you're still alive

Erm.. can you attach the external drive to the computer and then do another scan with GMER? This time just tick all options available (but don't tick "Show All")

My computer turned off when I was scanning, because the power in my room went off for a second. When Windows started I got the notice again when the external hard drive was plugged in. I only get that message when the external is plugged in.

Copy/paste (not cut and paste) the mbr.exe that you saved on the Desktop to the C:\WINDOWS folder..

Then, go to Start >> Run >> copy/paste below >> Press Enter

mbr -f

Then a logfile (mbr.log) will be created on your screen (find it at C:\Windows\mbr.log)


The Recovery Console will start and ask you which Windows installation you would like to log on to. If you have multiple Windows installations, it will list each one, and you would enter the number associated with the installation you would like to work on and press enter. If you have just one Windows installation, type 1 and press Enter.

It will then prompt you for the Administrator's password. If there is no password, simply press Enter. Otherwise type in the password and then press enter. If you do not know your password then see this.

After that, type Exit and press Enter.. Reboot your computer and tell me how it goes.. Remember to do everything with the external drives attached to the computer


Or, alternatively you can go to cmd command (Start >> Run >> cmd >> enter) and then type cd\ and then press Enter

Upon C:\> type MbrFix /drive 0 fixmbr /yes and then press Enter...

Reboot your computer.. Run mbr.exe again and post the log here

I ran a scan on my external HD alone and it tells me that's where the infection is. I scanned the whole computer and I don't get it anywhere else, so what I'm trying to say is, if I just get rid of the external HD would that solve my issue? This is where it is located: K:\64a6a49f6c9b303eb97c9dc521\Thumbs.db - error opening. I tried deleting that folder and it won't budge. I am asking this because when I reformatted my computer prior to finding out I had this virus in the first place I had no problem. I ran scans and I had nothing showing up. I've restarted my computer like 2 times, and nothing came up until I plugged in my external hard drive and started my computer and I got the alert. Now when I don't connect the external I don't get the message upon a restart. I left it plugged in since the day you told me. When I ran the scan it picked it up not even in a second, so if I just trash my external HD am I in the clear?

But, the first thing I will suggest is to reformat the external drive first.. Make sure it's empty.. If after reformat you still see the "K:\64a6a49f6c9b303eb97c9dc521\Thumbs.db" file, please tell me
